2 files changed, 19 insertions, 11 deletions

diff --git a/src/cryptography/hazmat/backends/openssl/rsa.py b/src/cryptography/hazmat/backends/openssl/rsa.py
index 63ba6273..a85f7da1 100644
--- a/src/cryptography/hazmat/backends/openssl/rsa.py
+++ b/src/cryptography/hazmat/backends/openssl/rsa.py
@@ -15,22 +15,18 @@ from cryptography.hazmat.primitives.asymmetric import (
     AsymmetricSignatureContext, AsymmetricVerificationContext, rsa
 )
 from cryptography.hazmat.primitives.asymmetric.padding import (
-    AsymmetricPadding, MGF1, OAEP, PKCS1v15, PSS
+    AsymmetricPadding, MGF1, OAEP, PKCS1v15, PSS, calculate_max_pss_salt_length
 )
 from cryptography.hazmat.primitives.asymmetric.rsa import (
     RSAPrivateKeyWithSerialization, RSAPublicKeyWithSerialization
 )
 
 
-def _get_rsa_pss_salt_length(pss, key_size, digest_size):
+def _get_rsa_pss_salt_length(pss, key, hash_algorithm):
     salt = pss._salt_length
 
     if salt is MGF1.MAX_LENGTH or salt is PSS.MAX_LENGTH:
-        # bit length - 1 per RFC 3447
-        emlen = int(math.ceil((key_size - 1) / 8.0))
-        salt_length = emlen - digest_size - 2
-        assert salt_length >= 0
-        return salt_length
+        return calculate_max_pss_salt_length(key, hash_algorithm)
     else:
         return salt
 
@@ -220,8 +216,8 @@ class _RSASignatureContext(object):
                 pkey_ctx,
                 _get_rsa_pss_salt_length(
                     self._padding,
-                    self._private_key.key_size,
-                    self._hash_ctx.algorithm.digest_size
+                    self._private_key,
+                    self._hash_ctx.algorithm,
                 )
             )
             self._backend.openssl_assert(res > 0)
@@ -348,8 +344,8 @@ class _RSAVerificationContext(object):
                 pkey_ctx,
                 _get_rsa_pss_salt_length(
                     self._padding,
-                    self._public_key.key_size,
-                    self._hash_ctx.algorithm.digest_size
+                    self._public_key,
+                    self._hash_ctx.algorithm,
                 )
             )
             self._backend.openssl_assert(res > 0)
diff --git a/src/cryptography/hazmat/primitives/asymmetric/padding.py b/src/cryptography/hazmat/primitives/asymmetric/padding.py
index c796d8e4..a37c3f90 100644
--- a/src/cryptography/hazmat/primitives/asymmetric/padding.py
+++ b/src/cryptography/hazmat/primitives/asymmetric/padding.py
@@ -5,11 +5,13 @@
 from __future__ import absolute_import, division, print_function
 
 import abc
+import math
 
 import six
 
 from cryptography import utils
 from cryptography.hazmat.primitives import hashes
+from cryptography.hazmat.primitives.asymmetric import rsa
 
 
 @six.add_metaclass(abc.ABCMeta)
@@ -65,3 +67,13 @@ class MGF1(object):
             raise TypeError("Expected instance of hashes.HashAlgorithm.")
 
         self._algorithm = algorithm
+
+
+def calculate_max_pss_salt_length(key, hash_algorithm):
+    if not isinstance(key, (rsa.RSAPrivateKey, rsa.RSAPublicKey)):
+        raise TypeError("key must be an RSA public or private key")
+    # bit length - 1 per RFC 3447
+    emlen = int(math.ceil((key.key_size - 1) / 8.0))
+    salt_length = emlen - hash_algorithm.digest_size - 2
+    assert salt_length >= 0
+    return salt_length